[BreachExchange] Cyber Security and Loss Recovery - A New Alternative for Organizations

Audrey McNeil audrey at riskbasedsecurity.com
Mon Oct 24 18:39:11 EDT 2016


http://www.jdsupra.com/legalnews/cyber-security-and-loss-recovery-a-new-89910/

The largest data breaches ever have occurred since 2015, and targets have
encompassed a wide spectrum of entities. Organizations affected range from
U.S. DOJ and the IRS—where citizens’ personally identifying information was
stolen and released by hackers—to universities like the University of
Central Florida and the University of California–Berkeley—where more than
160,000 individuals’ financial and identifying data was compromised.

What types of organizations are at risk for cyber-attacks?

Cyber-attacks pose an increasing threat to health care groups; in 2016,
attacks occurred against 21st Century Oncology in Florida and Premier
Health Care in Indiana. These reported breaches affected sensitive patient
information.

Web-based companies like LinkedIn, Yahoo!, and Dropbox endured highly
publicized data breaches that compromised a massive amount of user data.
Hacks of point-of-sale systems have also become a threat to consumer credit
card information: the breach of Oracle’s MICROS system, discovered in August
2016, indicates a growing threat to retailers and consumers around the
globe.

Companies and organizations of all sizes and types are now tasked with
preserving and securing an ever-increasing amount of data.

This uptick in electronically stored data escalates the risks and potential
threats.

What costs can an organization anticipate if it is the victim of a
cyber-attack?

A June 2016 independent study conducted by Ponemon Institute found that
companies in the United States face an average total cost of over $7
million per breach. Individual records that are lost or stolen in
the United States amount to a $221 per capita loss for the targeted
company. Unfortunately for health care organizations and financial services
companies, these costs are higher and average as much as $355 per lost or
stolen record.

As the size and scope of data breaches have increased, the associated costs
have also risen, and these increased costs confront organizations of all
types.

Any cyber risk equates to a potential loss of business revenue for
companies operating domestically and abroad. Health care organizations,
universities, corporations, financial institutions and governmental
entities each combat different types of risks, and these varied risks
create unique costs based on the circumstances of the breach.

In most cases, the total cost of a data hack can be difficult to quantify,
but these costs include:

loss of goodwill;
property damage;
loss of intellectual property;
compliance costs;
the cost of potential litigation resulting from the breach;
and general business interruption resulting in lost profits.

A breach of consumer information—like the recent cyber-attacks against
well-known corporations like Wendy’s, Target, and Home Depot—can have the
unfortunate result of keeping consumers away as they are leery of further
breaches. Cyber-attacks can easily affect an organization’s bottom line in
a variety of ways.

What do cyber security insurance policies typically cover?

Previously, a gap in coverage existed as policies focused on an
organization’s legal compliance requirements but failed to address the many
other disruptive problems resulting from damaging cyber-attacks. Policies
tended to cover basic matters like credit monitoring for stolen information,
or they may have covered the costs of litigation brought on by the data
breach.

To address the mounting problem in today’s electronic world, cyber security
companies announced in the fall of 2016 new insurance solutions intended to
cover the high costs of cyber security threats.

These cyber risk policies will cover previously uncovered loss of revenue
stemming from a cyber-attack.

What can organizations do to help cover these potentially huge financial
losses resulting from a cyber-attack?

Confronting potentially catastrophic losses from cyber-attacks demands an
innovative approach. The aftermath of a cyber-attack is expensive, and the
risks have become increasingly common. As organizations manage more and
more sensitive data, the size and scope of data breaches by cyber criminals
will continue to expand. The revenue lost after cyber security breaches
will also continue to compound, causing even greater financial harm to
victim organizations.

Typical cyber insurance coverage policies previously did not cover lost
revenue resulting from data breaches. However, the emerging trend toward
insurance policies that cover lost revenue will provide a potential safety
net for corporate, governmental, financial, and health care entities. These
new cyber risk policies will address a serious risk for entities that
collect and store sensitive electronic data.